JUST GOT HACKED

Νίκος nikos.gr33k at gmail.com
Tue Oct 1 09:42:31 EDT 2013


On 1/10/2013 4:27 PM, Chris “Kwpolska” Warrick wrote:
> On Tue, Oct 1, 2013 at 3:15 PM, Νίκος <nikos.gr33k at gmail.com> wrote:
>> On 1/10/2013 4:06 PM, Mark Lawrence wrote:
>>>
>>> On 01/10/2013 10:58, Νίκος wrote:
>>>>
>>>> Just logged in via FTP to my server and I saw an uploaded file named
>>>> "Warnign html"
>>>>
>>>> Contents were:
>>>>
>>>> WARNING
>>>>
>>>> I am incompetent. Do not hire me!
>>>>
>>>> Question:
>>>>
>>>> WHO AND MOST IMPORTANTLY HOW DID HE MANAGE TO UPLOAD THIS FILE ON MY
>>>> ACCOUNT?
>>>>
>>>> PLEASE ANSWER ME, I WON'T GET MAD, BUT THIS IS AN IMPORTANT SECURITY RISK.
>>>>
>>>> SOMEONE MUST HAVE ACCESS TO MY ACCOUNT, DOES THE SOURCE CODE OF MY MAIN
>>>> PYTHON SCRIPT APPEAR SOMEPLACE AGAIN?!?!
>>>
>>>
>>> Would you please stop posting, I've almost burst my stomach laughing at
>>> this.  You definitely have a ready-made career writing comedy.
>>
>>
>> Okay smartass,
>>
>> Try to do it again, if you are successful again I'll even congratulate you
>> myself.
>>
>> --
>> https://mail.python.org/mailman/listinfo/python-list
>
> It looks like you are accusing someone of doing something without any
> proof whatsoever.  Would you like help with the fallout of the lawsuit
> that I hope Mark might (should!) come up with?
>
> Speaking of “try again”, I doubt it would be hard…  As long as an FTP
> daemon is running somewhere (and you clearly do not know better); or
> even you have an SSH daemon and you do not know better, an attacker
> can:
>
> a) wait for you to publish your password yet again;
> b) get you to download an exploit/keylogger/whatever;
> c) brute-force.
>
> Well, considering it’s unlikely you actually have a long-as-shit
> password, (c) is the best option.  Unless your password is very long,
> in which case it is not.
>
> I’m also wondering what language your password is in.  If you actually
> used a Greek phrase, how long will it take you to get locked out due
> to encoding bullshit?

Like I use Greek letters for my passwords or like I am gonna fall for any
of your 3 dumbass reasons.

I already found the weakness and corrected it.



